A Security Evaluation Framework for Intelligent Connected Vehicles Based on Attack Chains

With the rapid development of intelligent connected vehicles (ICVs), their intelligent, remote, and high-speed mobility characteristics have led to an expansion of their attack surface, and thus an increase in security requirements. Consequently, security research for ICVs has become a current research focus. However, existing security risk monitoring measures lack linkage with attack behavior, and security defense strategies cannot fully and promptly respond to security risk levels and system vulnerabilities. Therefore, this paper proposes a security evaluation framework for ICVs based on attack chains. The framework focuses on the mechanism and steps of attack generation, evaluates the current risk level and degree of harm in a targeted manner, and maps appropriate security management measures according to the degree of harm. This security evaluation model integrates various defense mechanisms and resolves the mismatch between existing ICV security defense measures and security situations. The effectiveness of this model has been validated through experiments, and potential research directions in the future are discussed and analyzed.